Isaca CISM Practice Test - Questions Answers, Page 74


The PRIMARY purpose for deploying information security metrics is to:

A. compare program effectiveness to benchmarks.
B. support ongoing security budget requirements.
C. ensure that technical operations meet specifications.
D. provide information needed to make decisions.
Suggested answer: D

The BEST way to report to the board on the effectiveness of the information security program is to present:

A. a dashboard illustrating key performance metrics.
B. a summary of the most recent audit findings.
C. peer-group industry benchmarks.
D. a report of cost savings from process improvements.
Suggested answer: A

Which of the following should be done FIRST when establishing an information security governance framework?

A. Evaluate information security tools and skills relevant for the environment.
B. Gain an understanding of the business and cultural attributes.
C. Contract a third party to conduct an independent review of the program.
D. Conduct a cost-benefit analysis of the framework.
Suggested answer: B

Which of the following is the BEST way to build a risk-aware culture?

A. Periodically change risk awareness messages.
B. Ensure that threats are documented and communicated in a timely manner.
C. Establish a channel for staff to report risks.
D. Periodically test compliance with security controls.
Suggested answer: C

Which of the following is the MOST important input to the development of an effective information security strategy?

A. Risk and business impact assessments
B. Business processes and requirements
C. Current and desired state of security
D. Well-defined security policies and procedures
Suggested answer: B

Which of the following is the PRIMARY preventive method to mitigate risks associated with privileged accounts?

A. Eliminate privileged accounts.
B. Perform periodic certification of access to privileged accounts.
C. Frequently monitor activities on privileged accounts.
D. Provide privileged account access only to users who need it.
Suggested answer: D
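The distinction the question turns on is preventive versus detective: answer D stops excess privilege from being granted in the first place, while B (periodic certification) and C (monitoring) only find it afterwards. The following is an added example, not part of the ExamGecko page or the ISACA material, showing both sides in code. The role model, group names, accounts and exception records are constructed sample data, and the role-to-entitlement mapping is a hypothetical stand-in for whatever an organisation's IAM system holds.

```python
# Added example: least-privilege gate for privileged group membership
# (preventive, question's answer D) next to a certification pass
# (detective, answer B). All names and data below are constructed.
from dataclasses import dataclass, field
from datetime import date

# Groups that confer privileged access (sample set).
PRIVILEGED_GROUPS = {"domain-admins", "db-admins", "cloud-owner"}

# Hypothetical role model: the privileged groups a job role legitimately needs.
ROLE_ENTITLEMENTS = {
    "dba": {"db-admins"},
    "platform-eng": {"cloud-owner"},
    "helpdesk": set(),  # no standing privileged access
}


@dataclass
class AccessException:
    """A time-boxed, approved deviation from the role model."""
    user: str
    group: str
    approver: str
    expires: date


@dataclass
class Account:
    user: str
    role: str
    groups: set = field(default_factory=set)


def request_allowed(account, group, exceptions, today):
    """Preventive gate, evaluated at provisioning time: a privileged group is
    granted only if the account's role needs it or an unexpired approved
    exception exists. Non-privileged groups are not gated here."""
    if group not in PRIVILEGED_GROUPS:
        return True
    if group in ROLE_ENTITLEMENTS.get(account.role, set()):
        return True
    return any(
        e.user == account.user and e.group == group and e.expires >= today
        for e in exceptions
    )


def certify(accounts, exceptions, today):
    """Detective pass: every privileged membership that the gate would refuse
    today, i.e. access that crept in or whose exception has lapsed."""
    findings = []
    for acct in accounts:
        for group in sorted(acct.groups & PRIVILEGED_GROUPS):
            if not request_allowed(acct, group, exceptions, today):
                findings.append((acct.user, group))
    return findings


# Constructed sample inventory, as of a fixed review date.
AS_OF = date(2024, 6, 1)
SAMPLE_EXCEPTIONS = [
    AccessException("bob", "cloud-owner", "ciso", date(2024, 5, 1)),    # expired
    AccessException("dave", "db-admins", "ciso", date(2024, 12, 31)),  # valid
]
SAMPLE_ACCOUNTS = [
    Account("alice", "dba", {"db-admins", "domain-admins"}),  # domain-admins unjustified
    Account("bob", "helpdesk", {"cloud-owner"}),              # exception lapsed
    Account("carol", "platform-eng", {"cloud-owner"}),        # justified by role
    Account("dave", "helpdesk", {"db-admins"}),               # justified by exception
]

if __name__ == "__main__":
    for user, group in certify(SAMPLE_ACCOUNTS, SAMPLE_EXCEPTIONS, AS_OF):
        print(f"remove {group} from {user}")
    new_hire = Account("erin", "helpdesk")
    print("erin -> domain-admins:",
          request_allowed(new_hire, "domain-admins", SAMPLE_EXCEPTIONS, AS_OF))
```

Running the gate on every request means the certification pass should come back empty; in practice it still finds memberships added outside the provisioning path, which is why the exam treats B and C as complements to D rather than substitutes for it.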

Which of the following is PRIMARILY influenced by a business impact analysis (BIA)?

A. IT strategy
B. Recovery strategy
C. Risk mitigation strategy
D. Security strategy
Suggested answer: B

Which of the following would BEST ensure that security risk assessment is integrated into the life cycle of major IT projects?

A. Training project managers on risk assessment
B. Having the information security manager participate on the project steering committees
C. Applying global security standards to the IT projects
D. Integrating the risk assessment into the internal audit program
Suggested answer: B

Which of the following should be implemented to BEST reduce the likelihood of a security breach?

A. A data forensics program
B. A configuration management program
C. A layered security program
D. An incident response program
Suggested answer: C

Which type of plan is PRIMARILY intended to reduce the potential impact of security events that may occur?

A. Security awareness plan
B. Business continuity plan (BCP)
C. Disaster recovery plan (DRP)
D. Incident response plan
Suggested answer: D